As part of my BSc final year project, I am investigation the integrity of web browser 'private browsing modes'.
For the investigation i need to create test Windows 7 environments as i was wondering whether or not i should create these in a virtual machine or an actual physical machine?
Its a bit of a struggle getting access to a suitable physical machine to perform such investigations on.
A virtual machine would be easier and I could easily replicate the virtual drive for other tests.
Is there anything i should consider when choosing between the two? Will using a virtual machine altered my investigation results in anyway?
Thank you for taking your time reading this post,
Dan
Will using a virtual machine altered my investigation results in anyway?
As you're a student, let's try it this way…what would physical hardware give you, with respect to the testing you want to conduct, that you would not get using VMs?
I might be missing something here, but to set up Win7 VM's you are going to need a Win7 install disc.
If you have a computer that was built in the last couple of years then you have suitable hardware already.
Install Win7 on your computer and begin work. No need to go the VM way unless you absolutely have to in my opinion.
VM will add a layer of complexity to the work and increase unknown variables. I know I'm going to get shouted down here by guys who have a good understanding of VM's and how they operate and that's fine. But one of my biggest issues with so many white papers and studies that they are done under 'lab conditions' with only a bare nod in the direction of reality.
Install Win7 on a computer and do the testing that way. Results will be more accurate and simpler to obtain. More importantly they will be easier to duplicate, which if memory serves is pretty important.
I might be missing something here, but to set up Win7 VM's you are going to need a Win7 install disc.
If you have a computer that was built in the last couple of years then you have suitable hardware already.
Install Win7 on your computer and begin work. No need to go the VM way unless you absolutely have to in my opinion.
VM will add a layer of complexity to the work and increase unknown variables. I know I'm going to get shouted down here by guys who have a good understanding of VM's and how they operate and that's fine. But one of my biggest issues with so many white papers and studies that they are done under 'lab conditions' with only a bare nod in the direction of reality.
Install Win7 on a computer and do the testing that way. Results will be more accurate and simpler to obtain. More importantly they will be easier to duplicate, which if memory serves is pretty important.
it makes sense to use a clean install for different tests though. rather than doing the tests on the system you've been using, which may impact your results.
I like doing tests in VM initially, but sometimes using a restored disk or fresh image works better. I know someone thats just finished his phd and his testing was doing using an image that he reghosted before each test.
I wonder if you could try to get a copy of windows working as a sort of live cd using winPE
(It seems harlan wants you to come to your own conclusions about what doing it one way or the other would change, so i wont ruin the suprise)
Either physical or virtual should be OK in my opinion. Browser behavior should not change.
If you do physical, the you can image the entire hard drive before you start. Then re-image the hard drive to get a clean state. We do this all the time with Ghost when we need a clean physical machine for benchmarking the hardware.
I would prefer a physical machine because you are able to dedicate more resources to the processing of data instead of running the virtual machine that will limit the amount of RAM, processors and hard drive space for analyzing a disc image. If you don't have the money to dedicate an entire machine to forensics, then Virtual machine is the alternative. But I would still highly recommend a solid physical computer with good specs to be able to handle a lot of data processing and analysis.